[sf-lug] update from computer newbie

jim stockford jim at well.com
Sat Jul 8 10:30:20 PDT 2006


    boy, the attack of the white corpuscles!
    The general problem I have with the recent stream is that
of generalness: don't run cruddy software, be aware of
the risks....

Gosh, how do I know?

My experience is
* One box was directly hooked up on the net. I walked by
and saw the LED blinking furiously. I'd been cracked:
some guy, seems like in Korea, set up malware that was
attacking the internet from my box. I pulled the plug, put
in a new hard drive, reinstalled, and used better
passwords.
    I inspected /root/.bash_history and learned a lot about
cracking and rootkits.
    Speakeasy sent me harsh mail.
    Now, with somewhat better passwords, I have two static
IPs: one is a box looking directly at the internet, the other
is a router with the hated NAT, with some number of boxes
behind it on 192.168.1.0. When there are boxes, they have
the same apparent hit rate as the box directly connected--
none. The "apparent" disclaimer means to acknowledge
that competent crackers can own my boxes without my
knowledge.
    Bottom line: the box without the router seems to be
working okay--any crackers are politely and discretely
invisible. The box has no personal info that can be
compromised.
    I'm happy ripping things apart and/or reinstalling the
OS from scratch, if need be, so I don't much care.

    My hard drives have died, data lost, grinding of teeth.
Now I have RAID 1, with dual drives, pretty much all
partitions are mirrored. That's not possible with a laptop,
at least not with most laptops, I think, so saving important
files to removable storage is a good idea. If data is small,
floppies work great. If the laptop has a CD burner, good.
If big files and no CD burner, what about sending data
off in an encrypted stream to some online repository?

    As to running cruddy software, I do not own any MSFT
products. There is a Windows box in the other room, and
when Ola came over, she found some large number
(20 or 50, I forget) of malware of different types.
    But how do I know what's cruddy in the Linux world?
There's notoriously cruddy--people bad-rap it, and
there's surreptitiously cruddy, per asheesh's comment
about trusting live CDs and per rick's story of the sys
adm who got sloppy. But trusting internet reports is akin
to trusting rumor or trade mags. Detecting malware is
forensics--a seemingly unclimbable learning curve.
    Marcus' story of the princes seems to suggest that I
write my own software. I ran into some soviet refugees
who in the USSR wrote their own compilers as a matter
of course. They, too, count in the number of smart
people.

    I don't run FTP, but I run a web server and sshd. My
purpose is to learn, mainly to get money in the industry,
secondarily to oppose MSFT. IT's a big, big mountain
with a lot to learn. I figure open myself up and start
learning. My thanks to the teachers.





More information about the sf-lug mailing list